All skills
Skillintermediate
/api-architect:design-api
Design a RESTful or GraphQL API based on the project's domain model and requirements.
Claude Code Knowledge Pack7/10/2026
Overview
/api-architect:design-api
Design a RESTful or GraphQL API based on the project's domain model and requirements.
Process
-
Analyze the existing codebase to understand the domain:
- Read database models, schemas, or type definitions to identify entities
- Check existing routes or resolvers to understand current API surface
- Look for DTOs, serializers, or validation schemas
- Identify relationships between entities (one-to-many, many-to-many)
-
Design the resource hierarchy following REST conventions:
- Map each core entity to a resource with a plural noun URL (
/users,/orders,/products) - Nest sub-resources only one level deep (
/users/{id}/orders, not/users/{id}/orders/{id}/items) - Use query parameters for filtering, sorting, and pagination on collection endpoints
- Define standard operations for each resource:
GET /resources- List with pagination (cursor-based preferred over offset)GET /resources/{id}- Retrieve single resourcePOST /resources- Create new resourcePUT /resources/{id}- Full update (replace)PATCH /resources/{id}- Partial updateDELETE /resources/{id}- Remove resource
- Map each core entity to a resource with a plural noun URL (
-
Define request and response shapes:
- Use consistent envelope format:
{ "data": ..., "meta": { "total", "cursor" } } - Include only necessary fields in list responses (summary representation)
- Return full representation on single-resource endpoints
- Define error response format:
{ "error": { "code": "...", "message": "...", "details": [...] } } - Use ISO 8601 for dates, UUIDs for identifiers, lowercase snake_case for field names
- Use consistent envelope format:
-
Design authentication and authorization:
- Recommend Bearer token (JWT or opaque) via Authorization header
- Define permission model: which roles can access which endpoints
- Identify public vs authenticated vs admin-only endpoints
- Include rate limiting headers in response design (X-RateLimit-Limit, X-RateLimit-Remaining)
-
Plan for versioning:
- Recommend URL prefix versioning (
/v1/resources) for simplicity - Document the deprecation policy for old versions
- Design backward-compatible extension patterns (additive fields, optional parameters)
- Recommend URL prefix versioning (
-
Design cross-cutting concerns:
- Pagination: cursor-based with
?cursor=and?limit=parameters - Filtering: field-based query params (
?status=active&created_after=2024-01-01) - Sorting:
?sort=created_at:desc,name:asc - Field selection:
?fields=id,name,emailfor bandwidth optimization - Bulk operations:
POST /resources/batchfor creating multiple items
- Pagination: cursor-based with
Output
Present the API design as a structured table of endpoints with:
- HTTP method and path
- Description
- Request body (if applicable)
- Response shape
- Authentication requirement
- Example curl command for each endpoint
Rules
- Follow the principle of least surprise: APIs should behave as developers expect
- Use standard HTTP status codes correctly (201 for creation, 204 for deletion, 409 for conflicts)
- Design idempotent operations where possible (PUT and DELETE should be safe to retry)
- Never expose internal IDs, database column names, or implementation details
- Consider forward compatibility: design fields that can be extended without breaking clients
- Ask the user for clarification on business rules before making assumptions